<?php
class WebUser extends CWebUser{
	protected function afterLogin($fromCookie)
	{
		Yii::app()->getSession()->regenerateID();
		$user = User::model()->findByAttributes(array('username' => $this->getName()));
		$this->setData($user);
		$this->setAuthyLogin(empty($user->authy_id));
		$this->setLicenseAccess(true);
	}
	
	protected function afterLogout()
	{
		Yii::app()->getSession()->regenerateID();
		$this->setData(array());
		$this->setAuthyLogin(false);
		$this->setLicenseAccess(false);
	}
	
	public function getData($key = null)
	{
		$data = $this->getState('__data');
		if($key){
			$data = $data[$key];
		}
		
		return $data;
	}
	
	public function setData($value)
	{
		$this->setState('__data', $value);
	}
	
	public function setAuthyLogin($login = true)
	{
		$this->setState('__authyAccessed', $login);
	}
	
	public function setLicenseAccess($access = true)
	{
		$this->setState('__licenseAccessed', $access);
	}
	
	public function setAccountLimitExceeded($exceeded = true)
	{
		$this->setState('__accountLimitExceeded', $exceeded);
	}
	
	public function getDbData()
	{
		$yiiUser = $this->getData();
		if(empty($yiiUser)){
			return null;
		}
		return User::model()->findByPk($yiiUser->id_user);
	}

	public function getPerm()
	{
		$user = $this->getData();
		if(!$user->Role){
			return null;
		}
		
		return $user->Role->UserRolePerm;
	}
	
	public function getGroupAccess()
	{
		$user = $this->getData();
		if(!$user->Role){
			return null;
		}
		return $user->Role->UserRolePermGroup;
	}
	
	public function getAccountAccess()
	{
		$user = $this->getDbData();
		if(!$user->Role){
			return null;
		}
		return $user->Role->UserRolePermAccount;
	}
	
	public function anyone()
	{
		return true;
	}
	
	public function isUser()
	{
		$yiiUser = Yii::app()->user->getData();
		if(!empty($yiiUser['username'])){
			$count = User::model()->countByAttributes(array('username' => $yiiUser['username']));
			return $count > 0;
		}
		return false;
	}
	
	public function isSupremeAdmin()
	{
		$user = $this->getData();
		if($user->Role){
			return $user->Role->supreme == 1;
		}
		return false;
	}
	
	public function isAuthyLogin()
	{
		$authyAccessed = $this->getState('__authyAccessed');
		if(empty($authyAccessed)){
			return false;
		}
		return $authyAccessed;
	}
	
	public function isLicenseAccessed()
	{
		$licenseAccessed = $this->getState('__licenseAccessed');
		if(empty($licenseAccessed)){
			return false;
		}
		return $licenseAccessed;
	}
	
	public function isAccountLimitExceeded()
	{
		return $this->getState('__accountLimitExceeded');
	}
	
	public function isLogin()
	{
		return $this->isAuthyLogin() && $this->isLicenseAccessed() && !$this->isAccountLimitExceeded() && $this->isUser() ;
	}
	
	public function isVisitor()
	{
		$userData = Yii::app()->user->getData();
		if(empty($userData)){
			return true;
		}
		return false;
	}
	
	public function hasManageAccountPerm()
	{
		$perm = $this->getPerm();
		if($perm){
			return $perm->account_manage > 0;
		}
		
		return false;
	}
	
	public function hasSearchAccountPerm()
	{
		$perm = $this->getPerm();
		if($perm){
			return $perm->account_search > 0;
		}
		
		return false;		
	}
	
	public function hasManageGroupPerm()
	{
		$perm = $this->getPerm();
		if($perm){
			return $perm->group_manage > 0;
		}
		
		return false;		
	}
	
	public function hasManageHostPerm()
	{
		$perm = $this->getPerm();
		if($perm){
			return $perm->host_manage > 0;
		}
		
		return false;		
	}
	
	public function hasManageUserPerm()
	{
		$perm = $this->getPerm();
		if($perm){
			return $perm->user_manage > 0;
		}
		
		return false;		
	}
	
	public function hasManageBackupPerm()
	{
		$perm = $this->getPerm();
		if($perm){
			return $perm->backup_manage > 0;
		}
		
		return false;		
	}
	
	public function hasManageConfigPerm()
	{
		$perm = $this->getPerm();
		if($perm){
			return $perm->config_manage > 0;
		}
		
		return false;		
	}
	
	public function hasGroupAccess($id_group)
	{
		$groupAccess = $this->getGroupAccess();
		if($groupAccess){
			foreach($groupAccess as $gc){
				if($gc->id_group == $id_group && $gc->allow_or_deny == 1){
					return true;
				}
			}
		}
		
		return false;		
	}
	
	public function hasAccountAccess($id_account)
	{
		$accountAccess = $this->getAccountAccess();
		if($accountAccess){
			foreach($accountAccess as $ac){
				if($ac->id_account == $id_account){
					return $ac->allow_or_deny == 1;
				}
			}
		}
		
		// if account access is un-dictated, use its group's access
		$whmaccount = WhmAccount::model()->findByPk($id_account);
		return $this->hasGroupAccess($whmaccount->id_group);
		
		return false;		
	}

	public function hasSshCommadAccess()
	{
		// TODO: add real access control
		return true;
	}
	
	public function notAuthed()
	{
		$user = $this->getData();
		return empty($user->authy_id);
	}
	
}